ldap过滤器的distinguishedName [英] ldap filter for distinguishedName

问题描述

我正在使用以下代码成功查询用户的Active Directory:

I am successfully querying our Active Directory for a user with the following code:

$filter = (&(objectCategory=person)(samaccountname=someusername));
$fields = array("samaccountname","mail","manager","department","displayname","objectGUID");

$user = ldap_search($ldapconnection, $baseDn, $filter, $fields);

结果数组为manager属性提供以下值:

The resulting array gives this value for the manager attribute:

CN=McBossy\, Boss,OU=Users,OU=CentralOffice,DC=ds,DC=example,DC=com

对我来说，这看起来像一个专有名称.但是当我尝试查询经理的记录时，

This looks like a distinguishedName to me. But when I try to query for the manager's record,

$filter = (&(objectCategory=person)(dn='CN=McBossy\, Boss,OU=Users,OU=CentralOffice,DC=ds,DC=example,DC=com'));

$manager = ldap_search($ldapconnection, $baseDn, $filter, $fields);

查询失败，并显示PHP Warning: ldap_search(): Search: Bad search filter

我尝试了多种可能性，包括不同的引号，更多的括号，使用distinguishedName而不是dn等.

I've tried a number of possibilities including different quotation, more parentheses, using distinguishedName rather than dn, etc.

我在做错什么，以及获得经理记录的正确方法是什么?

What am I doing wrong and what is the right way to get the manager's record?

推荐答案

dn不是属性.过滤器中只能使用属性类型，OID和名称.

dn is not an attribute. Only attribute types, OIDs, and names can be used in filters.

获得manager属性时，要获取作为管理者的DN的属性，请在搜索请求中将manager属性的值用作基础对象.将搜索范围设置为BASE，将过滤器设置为(&)或(objectClass=*)，并请求所需的属性.然后将搜索请求发送到服务器并解释响应.

When you get the manager attribute, to get the attributes for the DN that is the manager, use the value of the manager attribute as the base object in a search request. Set the scope of the search to BASE, the filter to either (&) or (objectClass=*) and request the attributes required. Then transmit than search request to the server and interpret the response.

这篇关于ldap过滤器的distinguishedName的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！